
A company has a custom application with embedded credentials that retrieves information from an Amazon RDS MySQL DB instance. Management says the application must be made more secure with the least amount of programming effort.
What should a solutions architect do to meet these requirements?
A. Use AWS Key Management Service (AWS KMS) to create keys. Configure the application to load the database credentials from AWS KMS. Enable automatic key rotation.
B. Create credentials on the RDS for MySQL database for the application user and store the credentials in AWS Secrets Manager. Configure the application to load the database credentials from Secrets Manager. Create an AWS Lambda function that rotates the credentials in Secrets Manager.
C. Create credentials on the RDS for MySQL database for the application user and store the credentials in AWS Secrets Manager. Configure the application to load the database credentials from Secrets Manager. Set up a credentials rotation schedule for the application user in the RDS for MySQL database using Secrets Manager.
D. Create credentials on the RDS for MySQL database for the application user and store the credentials in AWS Systems Manager Parameter Store. Configure the application to load the database credentials from Parameter Store. Set up a credentials rotation schedule for the application user in the RDS for MySQL database using Parameter Store.
Explanation:
Correct Answer: C
Why Option C is correct:
Why other options are incorrect:
Option A: AWS KMS is for encryption keys, not for storing and rotating database credentials. While KMS can encrypt data, it doesn't provide the built-in credential rotation capabilities that Secrets Manager offers for RDS databases.
Option B: While this uses Secrets Manager correctly, creating a custom Lambda function for rotation adds unnecessary programming effort. Secrets Manager has native RDS credential rotation capabilities that don't require custom Lambda functions.
Option D: AWS Systems Manager Parameter Store is good for storing configuration data and secrets, but it doesn't have built-in credential rotation capabilities for RDS databases like Secrets Manager does. You would need to implement custom rotation logic.
Key AWS Services:
Security Best Practice: Removing hardcoded credentials from application code and using a secure secrets management service with automatic rotation significantly improves security posture.